Subject: Verifying and updating NetBSD
To: None <>
From: Anand Buddhdev <>
List: netbsd-users
Date: 10/04/2004 09:25:52
Hi everyone,

I am a NetBSD newbie, mostly used to RedHat Fedora so far. I have 
recently installed NetBSD 1.6.2/i386 on a server. The installation was 
not smooth. The system already had Debian on it, which I chose to 
overwrite, and let NetBSD use the entire disk. However, on first boot, I 
got the error "invalid partition table", and the server would not boot. 
I repeated the installation, following the same steps, but I got the 
same error. Finally, I booted a linux system and using the linux fdisk, 
erased all the partitions from the disk, after which, an installation of 
NetBSD went well. The reason I resorted to linux was that I did not know 
how to erase all the partitions using the NetBSD fdisk on the install 
CD. Reading the manpage did not make it any clearer. I tried using the 
-u option to interactively modify the partition table, and put 0 for the 
start and end points of the partitions, but it did not appear to chnage 
the table. Have I missed something?

I went on to install pkgsrc, and I am very impressed with it :) It is so 
simple to add software! And with a combination of lintpkgsrc and 
audit-packages, I can keep the packages updated.

However, I cannot find any such similar mechanism for the base system. 
If I log into a NetBSD system, how do I tell what patches or updates it 
needs? Is there any tool on the system which I can run to tell me of 
unpatched software in the base system? I have read the NetBSD guide on 
keeping a stable system updated, using CVS, and recompiling the source. 
But that would take too much time, if only 2 or 3 files need updating, 
for example. I know I can also recompile a part of the source tree to 
update a vulnerable program, but how do I know if a certain NetBSD 
system is already patched or not. Is there a concept of a 'patchlevel', 
like in Solaris, which allows an admin to know which patches have and 
have not been applied to a system?

Finally, I see that the base ships with sendmail, postfix and bind, all 
of which are old/buggy versions. I have seen that I can use the packages 
system to add new versions of these packages, and make them run instead 
of the old versions. However, I would still prefer to completely remove 
the old versions, to avoid (1) confusion and (2) stop someone from 
exploiting the old program which exist on the system. Is there a clean, 
way to remove these old packages? Is there, for example, a file list 
somewhere describing which files need to be removed to erase, for 
example, the bind the ships in the base system?

I ask this, because I am used to RPMs under RedHat/Fedora. In that 
system, everything is packegised, including things like sendmail, 
postfix, bind, and even the kernel. This makes it easy to remove all 
unwanted software from a system. Is there any plan for NetBSD to 
packegise the base system at any point?